[sbmotoracer]

From reading the source code of KDSBest's spu simulator code, I understand it can debug binary files (bin files).

To load a binary file you'd write in the kds file: "bin,filename,entrypoint?"

For example if I were to write bin,helloworld,0x05 the debugger would load at for example 0x12.

I was wondering if it would be possible to control the entry point of the debugger/dissasembler?

[sbmotoracer]

Originally Posted by sbmotoracer From reading the source code of KDSBest's spu simulator code, I understand it can debug binary files (bin files). To load a binary file you'd write in the kds file: "bin,filename,entrypoint?" For example if I were to write bin,helloworld,0x05 the debugger would load at for example 0x12. I was wondering if it would be possible to control the entry point of the debugger/dissasembler?

I have to say i'm a bit embarrassed I didn't figure this out the first time but:

After having my daily 1am coffee I've figured it out. To those wondering the way bin command works is:

bin filename,position on where in LS where the code should be placed*

Note - if the code falls below the memory limit of LS it will be cut off.

[KDSBest]

Originally Posted by sbmotoracer I have to say i'm a bit embarrassed I didn't figure this out the first time but: After having my daily 1am coffee I've figured it out. To those wondering the way bin command works is: bin filename,position on where in LS where the code should be placed* Note - if the code falls below the memory limit of LS it will be cut off.

Why not just ask me via twitter

[sbmotoracer]

Originally Posted by KDSBest Why not just ask me via twitter

l because to be honest I hate asking someone, without first trying myself.

That and I figured you got enough PMs,irc questions,twitter emails,etc to start annoying you with another one didn't sit well with me...

But since I have you here in this thread, I do have one more question for you if you don’t mind.

Would it be possible to modify your simulator so instead of it cutting the bottom half of the code it would loop back to the like a donut/ a real spu would react if you were to access the bottom of the memory + whatever.

Or instead of having it loop to instead choose where the debugger starts ie instead of @ 0x0, the user could choose 0x43.

Note - im not asking if you can do it for me as Im not that type of person but im just trying to gage whether it would be better to modify your simulator to do the this above or to save myself the trouble and go back to anergistic.



The reson for all of the questions is

I've got binary code that has its entry point right in the middle and I don’t want to just chop off the top half to get it to run.

I’m learning how to reverse spu code and I’m noticing a difference in what IDA tells me and what your simulator says.

I want to verify which is correct.




edit - now I remember why I don't usually post lol. Dosen't matter the topic but I usually end up writing a mini novel.

If anything is unclear as to what I wrote above, let me know and I'll explain it again... This time without jumping back and forth from work to the site and back lol

[KDSBest]

Originally Posted by sbmotoracer l because to be honest I hate asking someone, without first trying myself. That and I figured you got enough PMs,irc questions,twitter emails,etc to start annoying you with another one didn't sit well with me... But since I have you here in this thread, I do have one more question for you if you don’t mind. Would it be possible to modify your simulator so instead of it cutting the bottom half of the code it would loop back to the like a donut/ a real spu would react if you were to access the bottom of the memory + whatever. Or instead of having it loop to instead choose where the debugger starts ie instead of @ 0x0, the user could choose 0x43. Note - im not asking if you can do it for me as Im not that type of person but im just trying to gage whether it would be better to modify your simulator to do the this above or to save myself the trouble and go back to anergistic. The reson for all of the questions is I've got binary code that has its entry point right in the middle and I don’t want to just chop off the top half to get it to run. I’m learning how to reverse spu code and I’m noticing a difference in what IDA tells me and what your simulator says. I want to verify which is correct. edit - now I remember why I don't usually post lol. Dosen't matter the topic but I usually end up writing a mini novel. If anything is unclear as to what I wrote above, let me know and I'll explain it again... This time without jumping back and forth from work to the site and back lol

Normaly it takes the ip of the elf, but u can set it in the .kds script I will check out how later. The donut thingy is easy to implement. I don't get bothered by anyone in twitter nor in irc so feel free to ask .

After work I will help you with this. It is a catwalk to implement both

[KDSBest]

In the File "FileLoader.cs":
in Function:

Code:

        public static int LoadElfPHDR(BinaryReader br, SPU spu, uint phdr_offset, uint i)
        {
            byte[] phdr = new byte[0x20];
            uint offset, paddr, size;

            br.BaseStream.Seek(phdr_offset + 0x20 * i, SeekOrigin.Begin);
            br.Read(phdr, 0, phdr.Length);
            if (ConversionUtils.byteToUInt(phdr) != 1)
                return 1;
            offset = ConversionUtils.byteToUInt(phdr, 0x04);
            paddr = ConversionUtils.byteToUInt(phdr, 0x0C);
            size = ConversionUtils.byteToUInt(phdr, 0x10);

            if ((offset + size) > spu.LocalStorage.Length)
                return 2;
            br.BaseStream.Seek(offset, SeekOrigin.Begin);
            br.Read(spu.LocalStorage, (int)paddr, (int)size);
            return 0;
}

first of all: if ((offset + size) > spu.LocalStorage.Length) <--- is wrong paddr + size should be right but noone cares
replace it with this function:

Code:

        public static int LoadElfPHDR(BinaryReader br, SPU spu, uint phdr_offset, uint i)
        {
            byte[] phdr = new byte[0x20];
            uint offset, paddr, size;

            br.BaseStream.Seek(phdr_offset + 0x20 * i, SeekOrigin.Begin);
            br.Read(phdr, 0, phdr.Length);
            if (ConversionUtils.byteToUInt(phdr) != 1)
                return 1;
            offset = ConversionUtils.byteToUInt(phdr, 0x04);
            paddr = ConversionUtils.byteToUInt(phdr, 0x0C);
            size = ConversionUtils.byteToUInt(phdr, 0x10);

            br.BaseStream.Seek(offset, SeekOrigin.Begin);
            if ((paddr + size) > spu.LocalStorage.Length)
            {
                int overflow = (int) ((paddr + size) - spu.LocalStorage.Length);
                br.Read(spu.LocalStorage, (int)paddr, (int)size - overflow);
                br.Read(spu.LocalStorage, 0, overflow);
            }
            else
            {
                br.Read(spu.LocalStorage, (int)paddr, (int)size);
            }
            return 0;
        }

This should do the donut load on elf files.

________________________________________________________

In .kds Script you can set the instruction pointer with
ip,0x400

_______________________________________________________

The first thing is untested but you should get the idea. Have fun...

This is unsafe and can crash todo it right read the elf in an own buffer and copy it over... Not done in 10 sec like this patch but should be more secure... I am lazy you get the idea and should be able todo it alone :P

Problem is if the elf part region is completly out of the ls this will corrupt the LS here. Since it starts writing from 0 always and not the right offset, this is just a patch giving you the idea how it works... Sorry I can't provide more at current time.

[sbmotoracer]

Just got home from work. By all means this is more then enough. Thanks :-)

Would the same process be able to control the entry point for binary files?

___________________________________________________________________________________________________________________


Edit - I got it working.

Note - for anyone who wants to use this edited function, just use the kds script - bin,entrypoint,filename
Note2 - no checks are done to verify if the entry point is valid - this is a dev tool so I didn't think it was necessary to add checks.
Note3 - All credit goes to KDSBest except for the slight mod I did

Code:

public static void LoadBin(int lsStart, string FileName, SPU spu)
        {
            BinaryReader br = new BinaryReader(File.OpenRead(FileName));
            br.BaseStream.Seek(0, SeekOrigin.Begin);

            int len = (int) br.BaseStream.Length;
            byte[] buf = new byte[len];
            br.Read(buf, 0, len);

            int indexinlocalstorage = 0; //index in local storeage 

            int breakoutcheck = 0; // used to signify why to break out of the loop
            for (int i = lsStart; i <= 262144; i++)
            {

                if (i == 262144) // if i has reached the limit, reset i and signify when we reach lsStart break instead of passing it.
                {
                    breakoutcheck = 1;
                    i = 0;
                }

                if (i == lsStart && breakoutcheck == 1)
                {
                    break;
                }
                spu.LocalStorage[indexinlocalstorage] = buf[i];
                indexinlocalstorage++;
            }
            br.Close();
        }

[KDSBest]

Originally Posted by sbmotoracer Just got home from work. By all means this is more then enough. Thanks :-) Would the same process be able to control the entry point for binary files? ___________________________________________________________________________________________________________________ Edit - I got it working. Note - for anyone who wants to use this edited function, just use the kds script - bin,entrypoint,filename Note2 - no checks are done to verify if the entry point is valid - this is a dev tool so I didn't think it was necessary to add checks. Note3 - All credit goes to KDSBest except for the slight mod I did Code: public static void LoadBin(int lsStart, string FileName, SPU spu) { BinaryReader br = new BinaryReader(File.OpenRead(FileName)); br.BaseStream.Seek(0, SeekOrigin.Begin); int len = (int) br.BaseStream.Length; byte[] buf = new byte[len]; br.Read(buf, 0, len); int indexinlocalstorage = 0; //index in local storeage int breakoutcheck = 0; // used to signify why to break out of the loop for (int i = lsStart; i <= 262144; i++) { if (i == 262144) // if i has reached the limit, reset i and signify when we reach lsStart break instead of passing it. { breakoutcheck = 1; i = 0; } if (i == lsStart && breakoutcheck == 1) { break; } spu.LocalStorage[indexinlocalstorage] = buf[i]; indexinlocalstorage++; } br.Close(); }

Your way of doing it is imho not the best way. I will show you a prettier way tonight. But congratz to get it working all that counts in the end

[sbmotoracer]

Originally Posted by KDSBest Your way of doing it is imho not the best way. I will show you a prettier way tonight. But congratz to get it working all that counts in the end

If you have a better way by all means, im all ears

[KDSBest]

Originally Posted by sbmotoracer If you have a better way by all means, im all ears

The problem is that you have a buffer overrun if len is too small.
And lsStart is the start offset you start with writing at adress 0 always, which doesn't work always.

Code:

public static void LoadBin(int lsStart, string FileName, SPU spu)
{
    BinaryReader br = new BinaryReader(File.OpenRead(FileName));
    br.BaseStream.Seek(0, SeekOrigin.Begin);

    int len = (int) br.BaseStream.Length;
    byte[] buf = new byte[len];
    br.Read(buf, 0, len);

    for (int i = 0; i < len; i++)
    {
        spu.LocalStorage[(lsStart+i) % spu.LocalStorage.Length] = buf[i];
    }
    br.Close();
}

I don't have the project here, I patched it in notepad this time with your function as base. So maybe you have to modify it abit, but this should do the trick pretty clean.